PCI Compliant hosting? (able to take credit cards)

pci-dss web-hosting

I've been using 1and1 hosting for a while now and overall I am satisfied with their level of support and the ease of use of their admin panel.

However, I'm going to be branching out from just doing my PC repair stuff into doing some e-commerce… In order to process credit cards using PayPal's pro, I need a PCI compliant host, and I'm trying to price out my options. Does anyone have some links they would like to share?

Best Answer

I investigated the PCI compliance process for my small non-profit a few months back. At this point, the PCI compliance process is a sham. It is nigh impossible for any small business to comply with the PCI certification process, using a PCI compliant datacenter or not.

What it comes down to is that the credit card industry is trying to can the beast that has been growing the past 30 years. The PCI compliance process is meant to force businesses to use major credit card processors to process any credit card transaction, making sure any credit card information is never in the end-merchant's hands (or computers).

The way the PayPal PayflowPro process works is that your customer places an order on your website, then they are forwarded to PayPal's payment webpage (customized to your liking) to actually enter the payment, then the gateway sends back an 'OK' to your site, saying that the payment was processed.

This differs from what happened in the past, which is that they would enter the credit card information on your site, then you passed that information to a merchant gateway, which then gave your site the OK. There are other merchant processors that do this same thing, such as authorize.net and Google Payments.

This change means that your website and hosted server do not need to be PCI compliant since credit card information never passes through them. Hopefully this doesn't come across as a rant, but the way they have been implementing PCI and 'scaring' customers with PCI compliance, and charging fees along the way, has been a joke.

You'll find plenty of companies willing to sell you PCI compliance services (even on this website) but in my opinion it is merely snake oil.
